Thursday, September 08, 2011

FTC Announces Second Mobile Application Settlement

by Mehmet Munur

The FTC announced an enforcement action against the two marketers of mobile applications on Apple and Google mobile application stores that claimed, among other things, to cure acne by “resting the iPhone against your skin’s acne-prone areas for 2 minutes daily to improve skin health without prescription drugs.” This is the second enforcement action that the FTC brought against mobile application developers. The first mobile application enforcement action was for violations of COPPA.

According to the FTC complaint against AcneApp, the advertisement for the application contained statements that the application was an effective treatment for acne and that the representations relating to the application were false and misleading. The description of the application stated that it had been developed by a dermatologist and a British Journal of Dermatology study showed the effectiveness of the treatment. As a result, the FTC alleged that the marketer’s actions amounted unfair and deceptive trade practices under Section 5 of the FTC Act.

The accompanying agreement and consent order requires the marketers to pay $14,294 in fines to the FTC . It also prohibits the marketers from representing that the AcneApp provides effective treatment for Acne unless they have reliable scientific evidence substantiating that representation. The consent order also contains record keeping requirements relating to all advertisements and notification requirements. As is customary with FTC enforcement action, the order terminates in 20 years. However, it does not include any third party assessments, which is usual for enforcement actions relating to security breaches. The complaint and the agreement sand consent order for the second application (aptly titled Acme Pwner) marketer are similar in nature. However, the fines are limited to $1,700.

This enforcement action is the second enforcement action for the FTC in the mobile space. At the time of the first enforcement action, we proclaimed that the FTC would continue to be active in this area. This is yet another indication of the FTC’s willingness to bring enforcement actions in the mobile space. We expect the next enforcement action to be based on the privacy or security practices of a mobile application directed towards adults.

Tuesday, September 06, 2011

Last week, California governor Jerry Brown signed into law SB 24 which updates California's existing data breach notification law (SB 1386) by adding new requirements for data breach notices sent to affected California residents. The bill was sponsored by State Senator Joe Simitian, whose office provided a fact sheet summarizing the bill's main points:

Establishes standard, core content -- such as the type of information breached, time of breach, and toll-free telephone numbers and addresses of the major credit reporting agencies -- for security breach notices in California;

Requires public agencies, businesses, and persons subject to California’s security breach notification law, if more than 500 California residents are affected by a single breach, to send an electronic copy of the breach notification to the Attorney General; and,

Requires public agencies, businesses and persons subject to California’s security breach notification law, if they are utilizing the substitute notice provisions in current law, to also provide that notification to the Office of Information Security or the Office of Privacy Protection, as applicable.

This web site provides general information about our firm for your convenience. This website and its content do not establish an attorney/client relationship between us. Information on the site is not legal advice.
Do not send confidential information to any of our lawyers without first obtaining our permission.